The Contract Checklists provide a list of items that must be completed prior to beginning onboarding and when offboarding a contract.
Preboarding Checklist | You are ready to onboard a contract after completing the following: - Completed CBT Training (cms.gov/cbt): RBT & RoB Policy Updates: A Briefing for CORs
The COR training includes a review of RBT and RoB resource kits for use with CMS contractors. The training additionally covers the COR responsibilities for collecting training records demonstrating that all contractors with SSR complete specialized RBT commensurate with their roles within sixty (60) days of beginning work on a contract, annually thereafter and upon request. - Submitted final Acquisition Plan (AP) and Contract to OAGM
- All Contract and or AP revisions are submitted and finalized.
Checklist - Request Security Documentation List
- CMS System Access (Badging)
- Conduct Contractor Facility Site Visit
- Contract Award Activities
- Create Contingency Plan Guidance
- Data Use Agreement Approval
- Finalize Site Survey Agreement
- Identify COR
- Identify ISG SMEs
- Identify Security Documentation
- Identify Tools and Systems Used
- Identify Transition Team
- Initial Meeting with COR
- Prepare Contact Lists
- Prepare Data and Knowledge Transfer Documentation
- Prepare Overview of CMS and ISG ISSO
- Prepare Project Meeting Details
- Virtual Desktop Infrastructure Requirement
|
---|
Contract Closeout | This document is the Standard Operating Procedure (SOP) for closing out an ISG contract. |
---|
QualityNet Security is a central repository that houses HCQIS policies, guidelines, and templates intended for existing or potential CCSQ contractors using QualityNet IT Services and/or HCQIS network resources.
The information is intended to guide contractors or potential bidders in meeting general CMS security requirements as well as providing associated processes to ensure compliance within the contract and while utilizing the CCSQ systems.
Refer to the Security tab on the QualityNet Communications Hub for the following information regarding QualityNet security:
This table provides templates for CMS COR use in support of their role and responsibilities in onboarding or offboarding contractors to QualityNet IT Services.
Contract Engagement Intake Form | This form starts the onboarding process once a contract’s period of performance begins. The CMS COR and New Contractor must complete an initial form to request the start of the contract engagement. Based on the information provided, the ISG Contract Engagement team will determine if there is a need for QualityNet IT Services. Refer to the Procedures for Completing the Contract Engagement Intake Form for more information as part of the Onboarding Process. |
---|
Data, Infrastructure & Security - Information Systems Group (ISG) Questionnaire | The ISG Questionnaire aids in obtaining ISG approval and/or guidance for any IT data, infrastructure, and security requirements necessary to complete the contract tasks. The information obtained from the questionnaire will be used in planning the engagement timeline and deliverables. |
---|
ISG Contract Closeout SOP | This document is the Standard Operating Procedure (SOP) for closing out an ISG contract. |
---|
ISG Roles and Responsibilities Matrix | The purpose of this document is identify the responsibilities for steps listed in Section 3 – Procedure Steps based on the required roles for completing the engagement and onboarding of New Contractors within ISG. |
---|
ISG Transition Activities Project Schedule Template | The ISG Engagement Activities Project Schedule Template is a tool that can be customized. It aids the Engagement Lead in creating their engagement project schedule because it includes engagement activities, durations, dependencies, and resource names to ensure that all engagement activities can be completed by the engagement end date. |
---|
This table provides links to training opportunities available to CMS CORs and Contractors.
RBT & RoB Policy Updates: A Briefing for CORs (cms.gov/cbt) | Access the training under the RBT menu on the Manage Training Information page. |
---|
National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework | This publication serves as a fundamental reference resource to support a workforce capable of meeting an organization’s cybersecurity needs. It provides organizations with a common, consistent lexicon that categorizes and describes cyber security work.
|
---|
RBT & RoB Policy Updates: A Briefing for CORs (cms.gov/cbt) | A specialized training titled RBT & RoB Policy Updates: A Briefing for CORs. All CORs are expected to take this training annually. Access the training under the RBT menu on the Manage Training Information page. |
---|
Role-Based Training (RBT) | All contractors with SSR complete specialized RBT commensurate with their roles within sixty (60) days of beginning work on a contract, annually thereafter and upon request. |
---|
Role-Based Training (RBT) policy implementation | For additional guidance on RBT policy implementation, refer to the Risk Management Handbook Chapter 2 Awareness and Training, dated 02/27/2019. |
---|
QualityNet User Guide (https://www.qualitynet.org) | The purpose of the Hospital Quality Reporting (HQR) 5.0 release is to support the existing Hospital Inpatient Quality Reporting (IQR), Inpatient Psychiatric Facility Quality Reporting (IPFQR), Hospital Outpatient Quality Reporting (OQR), Ambulatory Surgical Center Quality Reporting (ASCQR), and Prospective Payment System (PPS)-Exempt Cancer Hospital Quality Reporting (PCHQR) programs. This user guide provides the information necessary for IQR, OQR, and PCH hospitals and ASCs and IPFs to use the HQR 5.0 System Release. |
---|